<!DOCTYPE HTML>

<html lang="en">
<head>

<title>Authentication (spring-security-docs 5.6.3 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../script.js"></script>
<script type="text/javascript" src="../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../jquery/jquery-3.5.1.js"></script>
<script type="text/javascript" src="../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
    try {
        if (location.href.indexOf('is-external=true') == -1) {
            parent.document.title="Authentication (spring-security-docs 5.6.3 API)";
        }
    }
    catch(err) {
    }
//-->
var data = {"i0":6,"i1":6,"i2":6,"i3":6,"i4":6,"i5":6};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">

<div class="topNav"><a id="navbar.top">

</a>
<div class="skipNav"><a href="Authentication.html#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_top");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Authentication.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Authentication.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">

</a></div>

</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>

<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.springframework.security.core</a></div>
<h2 title="Interface Authentication" class="title">Interface Authentication</h2>
</div>
<div class="contentContainer">
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Superinterfaces:</dt>
<dd><code>java.security.Principal</code>, <code>java.io.Serializable</code></dd>
</dl>
<dl>
<dt>All Known Implementing Classes:</dt>
<dd><code><a href="../authentication/AbstractAuthenticationToken.html" title="class in org.springframework.security.authentication">AbstractAuthenticationToken</a></code>, <code><a href="../oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.html" title="class in org.springframework.security.oauth2.server.resource.authentication">AbstractOAuth2TokenAuthenticationToken</a></code>, <code><a href="../authentication/AnonymousAuthenticationToken.html" title="class in org.springframework.security.authentication">AnonymousAuthenticationToken</a></code>, <code><a href="../oauth2/server/resource/authentication/BearerTokenAuthentication.html" title="class in org.springframework.security.oauth2.server.resource.authentication">BearerTokenAuthentication</a></code>, <code><a href="../oauth2/server/resource/BearerTokenAuthenticationToken.html" title="class in org.springframework.security.oauth2.server.resource">BearerTokenAuthenticationToken</a></code>, <code><a href="../cas/authentication/CasAssertionAuthenticationToken.html" title="class in org.springframework.security.cas.authentication">CasAssertionAuthenticationToken</a></code>, <code><a href="../cas/authentication/CasAuthenticationToken.html" title="class in org.springframework.security.cas.authentication">CasAuthenticationToken</a></code>, <code><a href="../authentication/jaas/JaasAuthenticationToken.html" title="class in org.springframework.security.authentication.jaas">JaasAuthenticationToken</a></code>, <code><a href="../oauth2/server/resource/authentication/JwtAuthenticationToken.html" title="class in org.springframework.security.oauth2.server.resource.authentication">JwtAuthenticationToken</a></code>, <code><a href="../oauth2/client/authentication/OAuth2AuthenticationToken.html" title="class in org.springframework.security.oauth2.client.authentication">OAuth2AuthenticationToken</a></code>, <code><a href="../oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.html" title="class in org.springframework.security.oauth2.client.authentication">OAuth2AuthorizationCodeAuthenticationToken</a></code>, <code><a href="../oauth2/client/authentication/OAuth2LoginAuthenticationToken.html" title="class in org.springframework.security.oauth2.client.authentication">OAuth2LoginAuthenticationToken</a></code>, <code><a href="../openid/OpenIDAuthenticationToken.html" title="class in org.springframework.security.openid">OpenIDAuthenticationToken</a></code>, <code><a href="../web/authentication/preauth/PreAuthenticatedAuthenticationToken.html" title="class in org.springframework.security.web.authentication.preauth">PreAuthenticatedAuthenticationToken</a></code>, <code><a href="../authentication/RememberMeAuthenticationToken.html" title="class in org.springframework.security.authentication">RememberMeAuthenticationToken</a></code>, <code><a href="../access/intercept/RunAsUserToken.html" title="class in org.springframework.security.access.intercept">RunAsUserToken</a></code>, <code><a href="../saml2/provider/service/authentication/Saml2Authentication.html" title="class in org.springframework.security.saml2.provider.service.authentication">Saml2Authentication</a></code>, <code><a href="../saml2/provider/service/authentication/Saml2AuthenticationToken.html" title="class in org.springframework.security.saml2.provider.service.authentication">Saml2AuthenticationToken</a></code>, <code><a href="../authentication/TestingAuthenticationToken.html" title="class in org.springframework.security.authentication">TestingAuthenticationToken</a></code>, <code><a href="../authentication/UsernamePasswordAuthenticationToken.html" title="class in org.springframework.security.authentication">UsernamePasswordAuthenticationToken</a></code></dd>
</dl>
<hr>
<pre>public interface <span class="typeNameLabel">Authentication</span>
extends java.security.Principal, java.io.Serializable</pre>
<div class="block">Represents the token for an authentication request or for an authenticated principal
once the request has been processed by the
<a href="../authentication/AuthenticationManager.html#authenticate(org.springframework.security.core.Authentication)"><code>AuthenticationManager.authenticate(Authentication)</code></a> method.
<p>
Once the request has been authenticated, the <tt>Authentication</tt> will usually be
stored in a thread-local <tt>SecurityContext</tt> managed by the
<a href="context/SecurityContextHolder.html" title="class in org.springframework.security.core.context"><code>SecurityContextHolder</code></a> by the authentication mechanism which is being used. An
explicit authentication can be achieved, without using one of Spring Security's
authentication mechanisms, by creating an <tt>Authentication</tt> instance and using
the code:
<pre> SecurityContext context = SecurityContextHolder.createEmptyContext();
 context.setAuthentication(anAuthentication);
 SecurityContextHolder.setContext(context);
 </pre>
Note that unless the <tt>Authentication</tt> has the <tt>authenticated</tt> property
set to <tt>true</tt>, it will still be authenticated by any security interceptor (for
method or web invocations) which encounters it.
<p>
In most cases, the framework transparently takes care of managing the security context
and authentication objects for you.</div>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">

</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>java.util.Collection&lt;? extends <a href="GrantedAuthority.html" title="interface in org.springframework.security.core">GrantedAuthority</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Authentication.html#getAuthorities()">getAuthorities</a></span>()</code></th>
<td class="colLast">
<div class="block">Set by an <code>AuthenticationManager</code> to indicate the authorities that the
principal has been granted.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Authentication.html#getCredentials()">getCredentials</a></span>()</code></th>
<td class="colLast">
<div class="block">The credentials that prove the principal is correct.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Authentication.html#getDetails()">getDetails</a></span>()</code></th>
<td class="colLast">
<div class="block">Stores additional details about the authentication request.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>java.lang.Object</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Authentication.html#getPrincipal()">getPrincipal</a></span>()</code></th>
<td class="colLast">
<div class="block">The identity of the principal being authenticated.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Authentication.html#isAuthenticated()">isAuthenticated</a></span>()</code></th>
<td class="colLast">
<div class="block">Used to indicate to <code>AbstractSecurityInterceptor</code> whether it should present
the authentication token to the <code>AuthenticationManager</code>.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="Authentication.html#setAuthenticated(boolean)">setAuthenticated</a></span>&#8203;(boolean&nbsp;isAuthenticated)</code></th>
<td class="colLast">
<div class="block">See <a href="Authentication.html#isAuthenticated()"><code>isAuthenticated()</code></a> for a full description.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.security.Principal">

</a>
<h3>Methods inherited from interface&nbsp;java.security.Principal</h3>
<code>equals, getName, hashCode, implies, toString</code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">

<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">

</a>
<h3>Method Detail</h3>
<a id="getAuthorities()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getAuthorities</h4>
<pre class="methodSignature">java.util.Collection&lt;? extends <a href="GrantedAuthority.html" title="interface in org.springframework.security.core">GrantedAuthority</a>&gt;&nbsp;getAuthorities()</pre>
<div class="block">Set by an <code>AuthenticationManager</code> to indicate the authorities that the
principal has been granted. Note that classes should not rely on this value as
being valid unless it has been set by a trusted <code>AuthenticationManager</code>.
<p>
Implementations should ensure that modifications to the returned collection array
do not affect the state of the Authentication object, or use an unmodifiable
instance.
</p></div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the authorities granted to the principal, or an empty collection if the
token has not been authenticated. Never null.</dd>
</dl>
</li>
</ul>
<a id="getCredentials()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getCredentials</h4>
<pre class="methodSignature">java.lang.Object&nbsp;getCredentials()</pre>
<div class="block">The credentials that prove the principal is correct. This is usually a password,
but could be anything relevant to the <code>AuthenticationManager</code>. Callers
are expected to populate the credentials.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the credentials that prove the identity of the <code>Principal</code></dd>
</dl>
</li>
</ul>
<a id="getDetails()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getDetails</h4>
<pre class="methodSignature">java.lang.Object&nbsp;getDetails()</pre>
<div class="block">Stores additional details about the authentication request. These might be an IP
address, certificate serial number etc.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>additional details about the authentication request, or <code>null</code>
if not used</dd>
</dl>
</li>
</ul>
<a id="getPrincipal()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>getPrincipal</h4>
<pre class="methodSignature">java.lang.Object&nbsp;getPrincipal()</pre>
<div class="block">The identity of the principal being authenticated. In the case of an authentication
request with username and password, this would be the username. Callers are
expected to populate the principal for an authentication request.
<p>
The <tt>AuthenticationManager</tt> implementation will often return an
<tt>Authentication</tt> containing richer information as the principal for use by
the application. Many of the authentication providers will create a
<code>UserDetails</code> object as the principal.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <code>Principal</code> being authenticated or the authenticated
principal after authentication.</dd>
</dl>
</li>
</ul>
<a id="isAuthenticated()">

</a>
<ul class="blockList">
<li class="blockList">
<h4>isAuthenticated</h4>
<pre class="methodSignature">boolean&nbsp;isAuthenticated()</pre>
<div class="block">Used to indicate to <code>AbstractSecurityInterceptor</code> whether it should present
the authentication token to the <code>AuthenticationManager</code>. Typically an
<code>AuthenticationManager</code> (or, more often, one of its
<code>AuthenticationProvider</code>s) will return an immutable authentication token
after successful authentication, in which case that token can safely return
<code>true</code> to this method. Returning <code>true</code> will improve
performance, as calling the <code>AuthenticationManager</code> for every request
will no longer be necessary.
<p>
For security reasons, implementations of this interface should be very careful
about returning <code>true</code> from this method unless they are either
immutable, or have some way of ensuring the properties have not been changed since
original creation.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true if the token has been authenticated and the
<code>AbstractSecurityInterceptor</code> does not need to present the token to the
<code>AuthenticationManager</code> again for re-authentication.</dd>
</dl>
</li>
</ul>
<a id="setAuthenticated(boolean)">

</a>
<ul class="blockListLast">
<li class="blockList">
<h4>setAuthenticated</h4>
<pre class="methodSignature">void&nbsp;setAuthenticated&#8203;(boolean&nbsp;isAuthenticated)
               throws java.lang.IllegalArgumentException</pre>
<div class="block">See <a href="Authentication.html#isAuthenticated()"><code>isAuthenticated()</code></a> for a full description.
<p>
Implementations should <b>always</b> allow this method to be called with a
<code>false</code> parameter, as this is used by various classes to specify the
authentication token should not be trusted. If an implementation wishes to reject
an invocation with a <code>true</code> parameter (which would indicate the
authentication token is trusted - a potential security risk) the implementation
should throw an <code>IllegalArgumentException</code>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>isAuthenticated</code> - <code>true</code> if the token should be trusted (which may
result in an exception) or <code>false</code> if the token should not be trusted</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code>java.lang.IllegalArgumentException</code> - if an attempt to make the authentication token
trusted (by passing <code>true</code> as the argument) is rejected due to the
implementation being immutable or implementing its own alternative approach to
<a href="Authentication.html#isAuthenticated()"><code>isAuthenticated()</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>

<footer role="contentinfo">
<nav role="navigation">

<div class="bottomNav"><a id="navbar.bottom">

</a>
<div class="skipNav"><a href="Authentication.html#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">

</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../index-all.html">Index</a></li>
<li><a href="../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
  allClassesLink = document.getElementById("allclasses_navbar_bottom");
  if(window==top) {
    allClassesLink.style.display = "block";
  }
  else {
    allClassesLink.style.display = "none";
  }
  //-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Authentication.html#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li>Constr&nbsp;|&nbsp;</li>
<li><a href="Authentication.html#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">

</a></div>

</nav>
</footer>
<script>if (window.parent == window) {(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-2728886-23', 'auto', {'siteSpeedSampleRate': 100});ga('send', 'pageview');}</script><script defer src="https://static.cloudflareinsights.com/beacon.min.js/v652eace1692a40cfa3763df669d7439c1639079717194" integrity="sha512-Gi7xpJR8tSkrpF7aordPZQlW2DLtzUlZcumS8dMQjwDHEnw9I7ZLyiOj/6tZStRBGtGgN6ceN6cMH8z7etPGlw==" data-cf-beacon='{"rayId":"7040cc6dac02980c","token":"bffcb8a918ae4755926f76178bfbd26b","version":"2021.12.0","si":100}' crossorigin="anonymous"></script>
</body>
</html>
